---
AWSTemplateFormatVersion: '2010-09-09'
Description: VPC and network configuration for an EKS cluster.

Parameters:

  Region:
    Type: String
    Default: us-east-1
    Description: AWS Region for the VPC.

Resources:

  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.16.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: eks-example

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: eks-example

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eks-example

  Route:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
    DependsOn: AttachGateway

  NetworkAcl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eks-example

  InboundNetworkAclEntrySSH:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref NetworkAcl
      RuleNumber: 100
      RuleAction: allow
      Protocol: -1
      Egress: false
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: 22
        To: 22

  OutboundNetworkAclEntryAll:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref NetworkAcl
      RuleNumber: 101
      RuleAction: allow
      Protocol: -1
      Egress: true
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: 0
        To: 65535

  Subnet1a:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone:
        Fn::Sub: '${Region}a'
      CidrBlock: 172.16.0.0/18
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: eks-example-a

  Subnet1aRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Subnet1a
      RouteTableId: !Ref RouteTable

  Subnet1aNetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref Subnet1a
      NetworkAclId: !Ref NetworkAcl

  Subnet1b:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone:
        Fn::Sub: '${Region}b'
      CidrBlock: 172.16.64.0/18
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: eks-example-b

  Subnet1bRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Subnet1b
      RouteTableId: !Ref RouteTable

  Subnet1bNetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref Subnet1b
      NetworkAclId: !Ref NetworkAcl

  Subnet1c:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone:
        Fn::Sub: '${Region}c'
      CidrBlock: 172.16.128.0/18
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: eks-example-c

  Subnet1cRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Subnet1c
      RouteTableId: !Ref RouteTable

  Subnet1cNetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref Subnet1c
      NetworkAclId: !Ref NetworkAcl

Outputs:

  VpcId:
    Description: VPC id
    Value: !Ref VPC

  Subnets:
    Description: List of Subnets in the VPC
    Value:
      Fn::Sub: '${Subnet1a},${Subnet1b},${Subnet1c}'
